Total: 1281 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2020-29551 | 1 Urve | 1 Urve | 2024-08-04 | 9.1 Critical | An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shut down the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake.php, _internal/error_u201409.txt, _internal/runcmd.php, _internal/getConfiguration.php, ews/autoload.php, ews/del.php, ews/mod.php, ews/sync.php, utils/backup/backup_server.php, utils/backup/restore_server.php, MyScreens/timeline.config, kreator.html5/test.php, and addedlogs.txt.
CVE-2020-29389 | 1 Docker | 1 Crux Linux Docker Image | 2024-08-04 | 9.8 Critical | The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for the root user. Systems using the Crux Linux Docker container deployed from affected versions of the Docker image may allow an attacker to achieve root access with a blank password.
CVE-2020-29379 | 1 Vsolcn | 4 V1600d-mini, V1600d-mini Firmware, V1600d4l and 1 more | 2024-08-04 | 5.5 Medium | An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29311 | 1 Ubilling | 1 Ubilling | 2024-08-04 | 9.8 Critical | Ubilling v1.0.9 allows Remote Command Execution as the root user by executing a malicious command that is injected into the config file and triggered by another part of the software.
CVE-2020-29165 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-08-04 | 9.8 Critical | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
CVE-2020-29138 | 1 Sagemcom | 2 F@st 3486 Router, F@st 3486 Router Firmware | 2024-08-04 | 5.3 Medium | Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI when any valid session is running.
CVE-2020-28946 | 1 Plummac | 2 Ik-401, Ik-401 Firmware | 2024-08-04 | 7.5 High | An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request.
CVE-2020-29058 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-08-04 | 9.8 Critical | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests.
CVE-2020-28937 | 1 Openclinic Project | 1 Openclinic | 2024-08-04 | 7.5 High | OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.
CVE-2020-28929 | 1 Epson | 2 Eps Tse Server 8, Eps Tse Server 8 Firmware | 2024-08-04 | 9.8 Critical | Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.
CVE-2020-28899 | 1 Zyxel | 6 Lte4506-m606, Lte4506-m606 Firmware, Lte7460-m608 and 3 more | 2024-08-04 | 9.1 Critical | The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.
CVE-2020-27985 | 1 Securityonionsolutions | 1 Security Onion | 2024-08-04 | 7.8 High | Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.
CVE-2020-27902 | 1 Apple | 2 Ipados, Iphone Os | 2024-08-04 | 4.6 Medium | An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.
CVE-2020-25966 | 1 Sectona | 1 Spectra | 2024-08-04 | 7.5 High | Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.
CVE-2020-27376 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2024-08-04 | 8.8 High | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.
CVE-2020-27285 | 1 Redlion | 1 Crimson | 2024-08-04 | 9.1 Critical | The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to read and modify the database without authentication.
CVE-2020-27225 | 2 Eclipse, Redhat | 2 Platform, Devtools | 2024-08-04 | 7.8 High | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
CVE-2020-27019 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2024-08-04 | 5.5 Medium | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.
CVE-2020-26876 | 1 Wpcoursesplugin | 1 Wp-courses | 2024-08-04 | 7.5 High | The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist).
CVE-2020-26823 | 1 Sap | 1 Solution Manager | 2024-08-04 | 10.0 Critical | SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service; this has an impact on the integrity and availability of the service.